content/browser/child_process_security_policy_impl.cc - Issue 2332263002: Updated suborigin serialization to latest spec proposal

Side by Side Diff: content/browser/child_process_security_policy_impl.cc

Issue 2332263002: Updated suborigin serialization to latest spec proposal (Closed)

Patch Set: Fix unit tests Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/child_process_security_policy_impl.h"	5 #include "content/browser/child_process_security_policy_impl.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <utility>	8 #include <utility>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 279 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
290	290

291 // The set of isolated filesystems the child process is permitted to access.	291 // The set of isolated filesystems the child process is permitted to access.

292 FileSystemMap filesystem_permissions_;	292 FileSystemMap filesystem_permissions_;

293	293

294 DISALLOW_COPY_AND_ASSIGN(SecurityState);	294 DISALLOW_COPY_AND_ASSIGN(SecurityState);

295 };	295 };

296	296

297 ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {	297 ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {

298 // We know about these schemes and believe them to be safe.	298 // We know about these schemes and believe them to be safe.

299 RegisterWebSafeScheme(url::kHttpScheme);	299 RegisterWebSafeScheme(url::kHttpScheme);

	300 RegisterWebSafeScheme(kHttpSuboriginScheme);
	nasko 2016/09/19 22:20:21 Why not put those in url:: namespace? Why not put those in url:: namespace? jww 2016/09/20 00:24:32 See earlier comments from Mike. Mike prefers them Show quoted text On 2016/09/19 22:20:21, nasko (slow) wrote: > Why not put those in url:: namespace? See earlier comments from Mike. Mike prefers them as content-level definitions, rather than in GURL, since he feels that they're a content-level concept (hence they're defined in content/public/common/url_constants.h). This has the nice-ish effect that users of cronet (sp?) don't have to ever see suborigins, at least for now.
300 RegisterWebSafeScheme(url::kHttpsScheme);	301 RegisterWebSafeScheme(url::kHttpsScheme);

	302 RegisterWebSafeScheme(kHttpsSuboriginScheme);
	nasko 2016/09/19 22:20:21 Registering these here is a bit dangerous, as it w Registering these here is a bit dangerous, as it will lead us to allow committing of suborigin URLs, which I don't think we can. Can we? Why not register it as a PseudoScheme? I think it matches more closely the semantics of suborigins. jww 2016/09/20 00:24:32 That is what I did initially. The trick I ran into Show quoted text On 2016/09/19 22:20:21, nasko (slow) wrote: > Registering these here is a bit dangerous, as it will lead us to allow > committing of suborigin URLs, which I don't think we can. Can we? > > Why not register it as a PseudoScheme? I think it matches more closely the > semantics of suborigins. That is what I did initially. The trick I ran into is when the renderer requests resources. When the resource request is made, the resource dispatcher checks the Origin header of the request (specifically at https://cs.chromium.org/chromium/src/content/browser/loader/resource_dispatch...) to see if it's a "valid" origin header. However, at this point, the Origin header, per the pec, is serialized with the suborigin, , and part of what makes it "valid" is if CanCommitURL passes (which requires a WebSafeScheme). Thus simple resource requests kill the renderer if they're coming from a suborigin. So maybe this needs to change? But my intuition is that this is, in a sense, commitable, since a renderer has this effective origin for making requests. What do you think?
301 RegisterWebSafeScheme(url::kFtpScheme);	303 RegisterWebSafeScheme(url::kFtpScheme);

302 RegisterWebSafeScheme(url::kDataScheme);	304 RegisterWebSafeScheme(url::kDataScheme);

303 RegisterWebSafeScheme("feed");	305 RegisterWebSafeScheme("feed");

304 RegisterWebSafeScheme(url::kBlobScheme);	306 RegisterWebSafeScheme(url::kBlobScheme);

305 RegisterWebSafeScheme(url::kFileSystemScheme);	307 RegisterWebSafeScheme(url::kFileSystemScheme);

306	308

307 // We know about the following pseudo schemes and treat them specially.	309 // We know about the following pseudo schemes and treat them specially.

308 RegisterPseudoScheme(url::kAboutScheme);	310 RegisterPseudoScheme(url::kAboutScheme);

309 RegisterPseudoScheme(url::kJavaScriptScheme);	311 RegisterPseudoScheme(url::kJavaScriptScheme);

310 RegisterPseudoScheme(kViewSourceScheme);	312 RegisterPseudoScheme(kViewSourceScheme);

(...skipping 540 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
851 base::AutoLock lock(lock_);	853 base::AutoLock lock(lock_);

852	854

853 SecurityStateMap::iterator state = security_state_.find(child_id);	855 SecurityStateMap::iterator state = security_state_.find(child_id);

854 if (state == security_state_.end())	856 if (state == security_state_.end())

855 return false;	857 return false;

856	858

857 return state->second->can_send_midi_sysex();	859 return state->second->can_send_midi_sysex();

858 }	860 }

859	861

860 } // namespace content	862 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | content/browser/child_process_security_policy_unittest.cc » ('j') | third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp » ('J')